Trusted computing based on a Trusted Computing Group (TCG) Trusted Platform Module (TPM) defines both 'trusted' and 'secure' boot methods. Trusted boot measures each piece of boot code before that code executes and stores the measurements in a TPM Platform Configuration Register (PCR). Even if trusted boot loads rogue code, that code cannot erase or overwrite the stored PCR measurements, because a PCR can only be extended (each new measurement is hashed together with the current PCR value) and cannot be reset or written directly by software. A network entity can then detect the presence of rogue code from the measurements and respond by removing the rogue code or by isolating the platform so that it cannot interact with unaffected systems.
Secure boot takes enforcement a step further: a whitelist of known-good measurements is compared against each boot measurement, and code whose measurement is not on the whitelist is prevented from loading or executing. Secure boot is intended to prevent damage to the host platform, whereas trusted boot is intended to allow recovery from the effects of rogue code after the fact.
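The following is an added example, not code from the original text: a small Python model of the two policies above, with a hash-chained PCR that can only be extended, a trusted-boot path that measures then executes regardless, a secure-boot path that halts on an unlisted measurement, and a remote verifier that replays the event log. Component images and the allowlist are constructed sample data.

```python
import hashlib

# Constructed sample 'firmware' images: stage name -> image bytes.
COMPONENTS = {"bootloader": b"bootloader v1", "kernel": b"kernel v1"}
PCR_INITIAL = bytes(32)  # PCRs are reset to all-zero at power-on


def measure(code: bytes) -> bytes:
    """Measurement of a stage is the SHA-256 digest of its image."""
    return hashlib.sha256(code).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR' = H(PCR || measurement): extend-only, no overwrite or reset."""
    return hashlib.sha256(pcr + measurement).digest()


def trusted_boot(images):
    """Measure each stage before executing it; every stage still runs."""
    pcr, log = PCR_INITIAL, []
    for name, code in images:
        m = measure(code)
        pcr = pcr_extend(pcr, m)   # recorded before the stage executes
        log.append((name, m))
        # execute(code) would happen here, rogue or not
    return pcr, log


def secure_boot(images, allowlist):
    """Refuse to execute any stage whose measurement is not whitelisted."""
    executed = []
    for name, code in images:
        if measure(code) not in allowlist:
            return False, executed   # halt before the rogue stage runs
        executed.append(name)
    return True, executed


def remote_attest(reported_pcr, log, allowlist):
    """Verifier replays the log into a fresh PCR and checks every entry."""
    pcr = PCR_INITIAL
    for _, m in log:
        pcr = pcr_extend(pcr, m)
    if pcr != reported_pcr:
        return False, "log does not match PCR"   # tampered/truncated log
    rogue = [name for name, m in log if m not in allowlist]
    return (not rogue), ("ok" if not rogue else f"rogue: {rogue}")
```

Because the rogue stage has already been extended into the PCR, dropping its log entry only makes the replay fail, so the verifier detects it either way.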
Today, Internet-connected systems are prevalent. The Internet of Things gives rise to a new class of connected systems in which the proper functioning of many connected systems depends on trusted booting, which is difficult to ensure in these systems.